Microsoft’s latest Windows update breaks VPNs, and there’s no fix
What Microsoft actually said:
Windows devices might face VPN connection failures after installing the April 2024 security update, or KB5036893.
We are working on a resolution and will provide an update in an upcoming release
I'm so fed up with everyone trying to make a quick buck on our constant struggle to stay safe.
The reality is that it broke "something* in certain lpt2/ipsec connections using certain authentication protocols, although they haven't yet specified which particular connection technologies are affected.
However this does not mean that a blanket affect of ALL VPN connection not working is an issue.
So far we are unaffected on clients using ipsec and PAP protocol authentication, nor connections using Anyconnect (aka Cisco Secure Connect).
I have also not seen any affect on private VPN clients such as PIA or Nord on machines that have this update.
I suspect what broke was clients using MSChap, Microsoft's own protocol for authentication for VPN clients.
Source: an admin with 200+ client machines with VPN connections that are not impacted after installing this update.
The problem is bureaucratic: Using them with Wine is not the manufacturers intent, so it may break for a while and theres nothing the manufacturer will do to fix it. The companies of the users often don't dare rely on this. It's also why some companies require to use redhat or ubuntu for a distro, because they don't dare running anything without a support contract. They think that way there's someone external to blame, call for help or sue, if things break. I'm not a fan of this, but encountered it a few times on different jobs. At my current job one of our clients has this with redhat and tbh they actually had to call redhat support twice this year, because their server got messed up during upgrades.
Games. I have a Steam Deck so yea I get that Proton works really well now but it's still not perfect. And also I write software for customers that use Windows so ¯\(ツ)/¯
My workplace requires VPN for Web sites that are authenticated, require 2FA and are encrypted. It's infuriatingly stupid. I feel like someone higher up got sold a useless contract by a good VPN salesperson.
Yeah, you're not wrong that the article kinda sets itself up for the "lookit our recommended VPNs" pitch.
There's no way Microsoft would purposefully disable VPNs from working. I can guarantee that they require VPNs for thousands of roles in the company, let alone breaking it for government agencies that require VPNs, etc.
It is good to know that a specific update can break something ahead of time, though. Then at least you can avoid it.